Session issue in IIS with CakePHP

When working on PHP and MySql development we rarely get a chance to install the application on Windows IIS server. And today I was asked to do the same. The first issue was related with mod_rewrite which is easily solved by un-commenting the line –

Configure::write(‘App.baseUrl’, env(‘SCRIPT_NAME’));

But the big issue came when I found that session is not working. After login the user is immediately redirected back to log-in page. I searched on Google for many solutions related with session.save_path, server time issues, user_agent verification etc., but none of them worked.

The I found a solution and I thought it may be helpful for some of you, or even me in future, if bookmarked here.I found a article in CakePHP Bakery, which suggested to use a separate file to handle session. Although this was not related to this issue, I though to give it a try and it worked for me.

To make it work you just need to create file in the /app/config folder with name, say session_handler.php. You can name it anything you like, and add below code in it:

<?php
// You can copy the ini_set statements from the switch block here
// http://code.cakephp.org/source/branches/1.2/cake/libs/session.php#484
// for case 'php' (around line 484) and modify to your needs.

// Lets assume our config value for Security.level is 'medium'

//Get rid of the referrer check even when Security.level is medium
ini_set('session.referer_check', '');
// or you can use this to restore to previous value
// ini_restore('session.referer_check');

//Cookie lifetime set to 0, so session is destroyed when browser is closed and doesn't persist for days as it does by default when Security.level is 'low' or 'medium'
ini_set('session.cookie_lifetime', 0);

//Now this feels a bit hacky so it would surely be nice to have a config variable for cookie path instead.
//Cookie path is now '/' even if your app is within a sub directory on the domain
$this->path = '/';
ini_set('session.cookie_path', $this->path);

//This sets the cookie domain to ".yourdomain.com" thereby making session persists across all sub-domains
ini_set('session.cookie_domain', env('HTTP_BASE'));

//Comment out/remove this line if you want to keep using the default session cookie name 'PHPSESSID'
//Useful when you want to share session vars with another non-cake app.
ini_set('session.name', Configure::read('Session.cookie'));

Did you added the file correctly? I mean can you check that this file is being used to handle the session? You can put any debug code in this file and that should be displayed in the browser on page load.